
---

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: networks.k8s.plugin.opnfv.org
spec:
  group: k8s.plugin.opnfv.org
  names:
    kind: Network
    listKind: NetworkList
    plural: networks
    singular: network
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              properties:
                cniType:
                  description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                    Important: Run "operator-sdk generate k8s" to regenerate code after
                    modifying this file Add custom validation using kubebuilder tags:
                    https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
                  type: string
                dns:
                  properties:
                    domain:
                      type: string
                    nameservers:
                      items:
                        type: string
                      type: array
                    options:
                      items:
                        type: string
                      type: array
                    search:
                      items:
                        type: string
                      type: array
                  type: object
                ipv4Subnets:
                  items:
                    properties:
                      excludeIps:
                        type: string
                      gateway:
                        type: string
                      name:
                        type: string
                      subnet:
                        type: string
                    required:
                    - name
                    - subnet
                    type: object
                  type: array
                ipv6Subnets:
                  items:
                    properties:
                      excludeIps:
                        type: string
                      gateway:
                        type: string
                      name:
                        type: string
                      subnet:
                        type: string
                    required:
                    - name
                    - subnet
                    type: object
                  type: array
                routes:
                  items:
                    properties:
                      dst:
                        type: string
                      gw:
                        type: string
                    required:
                    - dst
                    type: object
                  type: array
              required:
              - cniType
              - ipv4Subnets
              type: object
            status:
              properties:
                state:
                  description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
                    of cluster Important: Run "operator-sdk generate k8s" to regenerate
                    code after modifying this file Add custom validation using kubebuilder
                    tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
                  type: string
              required:
              - state
              type: object


---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: providernetworks.k8s.plugin.opnfv.org
spec:
  group: k8s.plugin.opnfv.org
  names:
    kind: ProviderNetwork
    listKind: ProviderNetworkList
    plural: providernetworks
    singular: providernetwork
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          description: ProviderNetwork is the Schema for the providernetworks API
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ProviderNetworkSpec defines the desired state of ProviderNetwork
              properties:
                cniType:
                  description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                    Important: Run "operator-sdk generate k8s" to regenerate code after
                    modifying this file Add custom validation using kubebuilder tags:
                    https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
                  type: string
                direct:
                  properties:
                    directNodeSelector:
                      type: string
                    nodeLabelList:
                      items:
                        type: string
                      type: array
                    providerInterfaceName:
                      type: string
                  required:
                  - directNodeSelector
                  - providerInterfaceName
                  type: object
                dns:
                  properties:
                    domain:
                      type: string
                    nameservers:
                      items:
                        type: string
                      type: array
                    options:
                      items:
                        type: string
                      type: array
                    search:
                      items:
                        type: string
                      type: array
                  type: object
                ipv4Subnets:
                  items:
                    properties:
                      excludeIps:
                        type: string
                      gateway:
                        type: string
                      name:
                        type: string
                      subnet:
                        type: string
                    required:
                    - name
                    - subnet
                    type: object
                  type: array
                ipv6Subnets:
                  items:
                    properties:
                      excludeIps:
                        type: string
                      gateway:
                        type: string
                      name:
                        type: string
                      subnet:
                        type: string
                    required:
                    - name
                    - subnet
                    type: object
                  type: array
                providerNetType:
                  type: string
                routes:
                  items:
                    properties:
                      dst:
                        type: string
                      gw:
                        type: string
                    required:
                    - dst
                    type: object
                  type: array
                vlan:
                  properties:
                    logicalInterfaceName:
                      type: string
                    nodeLabelList:
                      items:
                        type: string
                      type: array
                    providerInterfaceName:
                      type: string
                    vlanId:
                      type: string
                    vlanNodeSelector:
                      type: string
                  required:
                  - providerInterfaceName
                  - vlanId
                  - vlanNodeSelector
                  type: object
              required:
              - cniType
              - ipv4Subnets
              - providerNetType
              type: object
            status:
              description: ProviderNetworkStatus defines the observed state of ProviderNetwork
              properties:
                state:
                  description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
                    of cluster Important: Run "operator-sdk generate k8s" to regenerate
                    code after modifying this file Add custom validation using kubebuilder
                    tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
                  type: string
              required:
              - state
              type: object
---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: k8s-nfn-sa
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: k8s-nfn-cr
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/status
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  - configmaps
  - secrets
  - nodes
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - replicasets
  - statefulsets
  verbs:
  - '*'
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - get
  - create
- apiGroups:
  - apps
  resourceNames:
  - nfn-operator
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups:
  - k8s.plugin.opnfv.org
  resources:
  - '*'
  - providernetworks
  verbs:
  - '*'

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: k8s-nfn-crb
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: k8s-nfn-cr
  apiGroup: rbac.authorization.k8s.io


---

apiVersion: v1
kind: Service
metadata:
  name: nfn-operator
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 50000
    protocol: TCP
    targetPort: 50000
  selector:
    name: nfn-operator


---

apiVersion: v1
kind: ConfigMap
metadata:
  name: ovn-controller-network
  namespace: kube-system
data:
  OVN_SUBNET: "{{ kube_pods_subnet }}"
  OVN_GATEWAYIP: "{{ kube_pods_subnet|ipaddr('net')|ipaddr(1) }}"

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfn-operator
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nfn-operator
  template:
    metadata:
      labels:
        name: nfn-operator
    spec:
      hostNetwork: true
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: ovn4nfv-k8s-plugin
                operator: In
                values:
                - ovn-control-plane
      tolerations:
       - key: "node-role.kubernetes.io/master"
         effect: "NoSchedule"
         operator: "Exists"
       - key: "node-role.kubernetes.io/control-plane"
         effect: "NoSchedule"
         operator: "Exists"
      serviceAccountName: k8s-nfn-sa
      containers:
        - name: nfn-operator
          image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
          command: ["/usr/local/bin/entrypoint", "operator"]
          imagePullPolicy: {{ k8s_image_pull_policy }}
          envFrom:
          - configMapRef:
              name: ovn-controller-network
          ports:
          - containerPort: 50000
            protocol: TCP
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "nfn-operator"

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: ovn4nfv-cni-config
  namespace: kube-system
  labels:
    app: ovn4nfv
data:
  ovn4nfv_k8s.conf: |
          [logging]
          loglevel=5
          logfile=/var/log/openvswitch/ovn4k8s.log

          [cni]
          conf-dir=/etc/cni/net.d
          plugin=ovn4nfvk8s-cni

          [kubernetes]
          kubeconfig=/etc/cni/net.d/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig
  00-network.conf: |
          {
            "name": "ovn4nfv-k8s-plugin",
            "type": "ovn4nfvk8s-cni",
            "cniVersion": "0.3.1"
          }

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ovn4nfv-cni
  namespace: kube-system
  labels:
    app: ovn4nfv
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: ovn4nfv
  template:
    metadata:
      labels:
        app: ovn4nfv
    spec:
      hostNetwork: true
      nodeSelector:
        kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: k8s-nfn-sa
      containers:
      - name: ovn4nfv
        image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
        command: ["/usr/local/bin/entrypoint", "cni"]
        imagePullPolicy: {{ k8s_image_pull_policy }}
        resources:
          requests:
            cpu: {{ ovn4nfv_cni_cpu_request }}
            memory: {{ ovn4nfv_cni_memory_request }}
          limits:
            cpu: {{ ovn4nfv_cni_cpu_limit }}
            memory: {{ ovn4nfv_cni_memory_limit }}
        securityContext:
          privileged: true
        volumeMounts:
        - name: cni
          mountPath: /host/etc/cni/net.d
        - name: cnibin
          mountPath: /host/opt/cni/bin
        - name: cniconf
          mountPath: /host/etc/openvswitch
        - name: ovn4nfv-cfg
          mountPath: /tmp/ovn4nfv-conf
        - name: ovn4nfv-cni-net-conf
          mountPath: /tmp/ovn4nfv-cni
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: cniconf
          hostPath:
            path: /etc/openvswitch
        - name: ovn4nfv-cfg
          configMap:
            name: ovn4nfv-cni-config
            items:
            - key: ovn4nfv_k8s.conf
              path: ovn4nfv_k8s.conf
        - name: ovn4nfv-cni-net-conf
          configMap:
            name: ovn4nfv-cni-config
            items:
            - key: 00-network.conf
              path: 00-network.conf
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nfn-agent
  namespace: kube-system
  labels:
    app: nfn-agent
spec:
  selector:
    matchLabels:
      app: nfn-agent
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nfn-agent
    spec:
      hostNetwork: true
      hostPID: true
      nodeSelector:
        kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: k8s-nfn-sa
      containers:
      - name: nfn-agent
        image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
        command: ["/usr/local/bin/entrypoint", "agent"]
        imagePullPolicy: {{ k8s_image_pull_policy }}
        resources:
          requests:
            cpu: {{ nfn_agent_cpu_request }}
            memory: {{ nfn_agent_memory_request }}
          limits:
            cpu: {{ nfn_agent_cpu_limit }}
            memory: {{ nfn_agent_memory_limit }}
        env:
          - name: NFN_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
          privileged: true
        volumeMounts:
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /run/openvswitch
          name: host-run-ovs
        - mountPath: /var/run/openvswitch
          name: host-var-run-ovs
        - mountPath: /var/run/ovn4nfv-k8s-plugin
          name: host-var-cniserver-socket-dir
      volumes:
      - name: host-run-ovs
        hostPath:
          path: /run/openvswitch
      - name: host-var-run-ovs
        hostPath:
          path: /var/run/openvswitch
      - name: host-var-run-dbus
        hostPath:
          path: /var/run/dbus
      - name: host-var-cniserver-socket-dir
        hostPath:
          path: /var/run/ovn4nfv-k8s-plugin
